

Application No. 


Applicant(s) 




Notice of Allowability 


09/545,381 


SPIELMANN ET AL. 


Examiner 


Art Unit 






Beth Van Doren 


3623 





" The MAILING DATE of this communication appears on the cover sheet with the correspondence address- 
All claims being allowable, PROSECUTION ON THE MERITS IS (OR REMAINS) CLOSED in this application. If not included 
herewith (or previously mailed), a Notice of Allowance (PTOL-85) or other appropriate communication will be mailed In due course. THIS 
NOTICE OF ALLOWABILITY IS NOT A GRANT OF PATENT RIGHTS, This application is subject to withdrawal from issue at the initiative 
of the Office or upon petition by the applicant. See 37 CFR 1.313 and MPEP 1308. 

1 . K This communication is responsive to communications received 02/24/2006 . 

2. ^ The allowed claim(s) is/are 1,3-5 and 10-16 . 

3. □ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 

a) □ All b) □ Some* c) □ None of the: 

1. □ Certified copies of the priority documents have been received. 

2. □ Certified copies of the priority documents have been received in Application No. . 

3. □ Copies of the certified copies of the priority documents have been received in this national stage application from the 

International Bureau (PCT Rule 17.2(a)). 
* Certified copies not received: . 

Applicant has THREE MONTHS FROM THE "MAILING DATE" of this communication to file a reply complying with the requirements 
noted below. Failure to timely comply will result in ABANDONMENT of this application. 
THIS THREE-MONTH PERIOD IS NOT EXTENDABLE, 

4. □ A SUBSTITUTE OATH OR DECLARATION must be submitted. Note the attached EXAMINER'S AMENDMENT or NOTICE OF 

INFORMAL PATENT APPLICATION (PTO-152) which gives reason(s) why the oath or declaration is deficient. 

5. □ CORRECTED DRAWINGS ( as "replacement sheets") must be submitted. 

(a) □ including changes required by the Notice of Draftsperson's Patent Drawing Review ( PTO-948) attached 

1) □ hereto or 2) □ to Paper No./Mail Date . 

(b) □ including changes required by the attached Examiner's Amendment / Comment or in the Office action of 

Paper No./Mail Date . 

Identifying Indicia such as the application number (see 37 CFR 1.84(c)) should be written on the drawings in the front (not the back) of 
each sheet. Replacement sheet{s) should be labeled as such in the header according to 37 CFR 1.121(d). 

6. □ DEPOSIT OF and/or INFORMATION about the deposit of BIOLOGICAL MATERIAL must be submitted. Note the 

attached Examiner's comment regarding REQUIREMENT FOR THE DEPOSIT OF BIOLOGICAL MATERIAL. 



Attachment(s) 

/I. ^ Notice of References Cited (PTO-892) 
2. □ Notice of Draftperson's Patent Drawing Review (PTO-948) 

/3. S Information Disclosure Statements (PTO-1449 or PTO/SB/08), 

Paper No./Mail Date 20060224^ 
4. □ Examiner's Comment Regarding Requirement for Deposit 
of Biological Material 



5. □ Notice of Informal Patent Application (PTO-152) 

6. □ Interview Summary (PTO-413), 

Paper No./Mail Date . 

7. □ Examiner's Amendment/Comment 

/8. S Examiner's Statement of Reasons for Allowance 



9. □ Other 




SUPERVISORY PATENT EXAIWIWER 
TECHWOLOGY C^^f^Trn gSuQ 



U.S. Patent and Trademark Office 
PTOL-37 (Rev. 7-05) 



Notice of Allowability 



Part of Paper No./Mail Date 20060315 



! 

Application/Control Number: 09/545,38 1 Page 2 

Art Unit: 3623 

DETAILED ACTION 

1. The following statement of reasons for allowance is in response to the communications 
received 02/24/2006. Claims 1 and 16 have been amended and claims 2, 6-9, 17, and 18 have 
been canceled. Claims 1, 3-5, and 10-16 are currently pending and are allowed. 

Reasons for Allowance 

2. Claims 1, 3-5, and 10-16 are allowed. 

3. The following is an examiner's statement of reasons for allowance: None of the prior art 
of record, taken individually or in any combination, teach, inter alia: 

As per claims 1 and 3-5, receiving a selection of a business risk element and retrieving 
one or more predetermined control procedures and associated weight(s). Calculating a 
compUance score for each control procedure based on the associated weights and a user selected 
compUance rating, where non-fiiUy compliant control procedures are accepted or not accepted, 
those not accepted requiring a user to generate an action plan. 

As per claims 10-13, receiving a selection of a business risk element by which the 
computer identifies and retrieves associated subrisk elements with one or more predetermined 
control procedures and associated weight(s). Calculating a compliance score for each subrisk' s 
control procedure based on the associated weights and a user selected compliance rating, where 
non- fully compliant control procedures of subrisks are accepted or not accepted, those not 
accepted requiring a user to generate an action plan. 

As per claims 14-15, identifying a set of business risk elements, and retrieving one or 
more predetermined control procedures and associated weight(s) related to at least one business 
risk element. Based on a user selected compliance rating, identifying compliant and non- fully 
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compliant control procedures, where action plans with target dates are generated for those non- 
fully compliant control procedures, and calculating an expected compUance score for a future 
date based on the weights, the fully compliant control procedures, and the target dates for the 
action plans of the non- fully compliant control procedures. 

As per claim 16, selecting a set of business risk elements and one or more control 
procedures related to at least one business risk element, the control procedures having associated 
weight(s). Calculating a compliance score for each control procedure based on the associated 
weights and a user selected compliance rating, where action plans with target dates are generated 
for control procedures that are non-fliUy compliant, and calculating an expected compliance 
score for a future date based on the weights, the target dates for non- fully compliant control 
procedures, and the expected compliance ratings of the control procedures. 

The prior art references most closely resembling the Applicant's claimed invention are 
Weinstock (U.S. 6,223,143), Higgins et al (U.S. 6,397,202), Ibarra (U.S. 6,1 19,097), and Buddie 
et al. (U.S. 6,912,502), and Packwood (U.S. 7,006,992). 

Weinstock discloses a risk model for a system, where the risk model is built by including 
a hierarchy, a timeline, and failure modes. Risks are assessed at failure mode, subsystem, and 
element levels based on user supplied quantifications and a probability of occurrence. However, 
as per claims 1, 3-5, and 16, Weinstock does not expressly disclose calculating a compliance 
score for multiple control procedures per se based on the associated weights and a user selected 
compliance rating, where identified non-fully compliant control procedures are accepted or not 
accepted, those not accepted requiring a user to generate an action plan. As per claims 10-13, 
Weinstock does not teach retrieving subrisk elements or calculating a compliance score for each 
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subrisk's control procedure based on the associated weights and a user selected compUance 
rating, where non- fully compliant control procedures of subrisks are accepted or not accepted, 
those not accepted requiring a user to generate an action plan. As per claims 14-15, Weinstock 
does not teach generating action plans with target dates and calculating an expected compliance 
score for a future date based on the weights, the fully compliant control procedures, and the 
target dates for the action plans of the non- fully compliant control procedures. 

Higgins et al. teaches a computerized system used to project risk levels that arise during a 
large development project. A database of the system stores data, weights, baselines, and risk 
levels. A plurality of variables are determined that relate to the successful completion of the 
project. A baseline is identified for each of these variables that will cause successful completion 
of the project. Data is collected conceming each variable and associated baseline, wherein the 
stored data, risk levels, and the weights are used to project and predict the occurrence of 
undesirable events. However, as per claims 1, 3-5, and 16, Higgins et al. does not expressly 
disclose calculating a compliance score for multiple control procedures per se based on the 
associated weights and a user selected compliance rating, where identified non-fully compliant 
control procedures are accepted or not accepted, those not accepted requiring a user to generate 
an action plan. As per claims 10-13, Higgins et al. does not teach retrieving subrisk elements or 
calculating a compliance score for each subrisk's control procedure based on the associated 
weights and a user selected compliance rating, where non-fiiUy compliant control procedures of 
subrisks are accepted or not accepted, those not accepted requiring a user to generate an action 
plan. As per claims 14-15, Higgins et al does not teach generating action plans with target dates 
and calculating an expected compliance score for a future date based on the weights, the fully 
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compliant control procedures, and the target dates for the action plans of the non-fully compliant 
control procedures. 

Ibarra discloses a system that quantifies job performance characteristics. Each employee 
is assigned multiple objective standard procedures on which the employee is rated, these 
procedures indicating a risk of employee turnover and failure. Each standard is weighted to 
reflect its importance. An overall score is generated for the employee based on the ratings per 
standard and the weights. If a standard is not being met, new activities (or plans) are assigned to 
the employee to enable the employee to meet the standards. However, as per claims 1, 3-5, and 
16, Ibarra does not expressly disclose teach risk elements per se, calculating a compliance score 
for multiple control procedures per se based on the associated weights (wherein the weights are 
not all equally weighted) and a user selected compliance rating, where identified non-fully 
compliant control procedures are accepted or not accepted, those not accepted requiring a user to 
generate an action plan. As per claims 10-13, Ibarra does not teach retrieving subrisk elements 
or calculating a compliance score for each subrisk' s control procedure based on the associated 
weights (wherein the weights are not all equally weighted) and a user selected compliance rating, 
where non-fiiUy compliant control procedures of subrisks are accepted or not accepted, those not 
accepted requiring a user to generate an action plan. As per claims 14-15, Ibarra does not teach 
generating action plans with target dates and calculating an expected compliance score for a 
fixture date based on the weights, the fiiUy compliant control procedures, and the target dates for 
the action plans of the non-fiilly compliant control procedures. 

Buddie et al. teaches a compliance management system, wherein compliance 
requirements are identified for business processes along with compliance issues and risks. Based 
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on the issues and risks, action plans are created and forwarded for monitoring and resolution. 
Each potential risk is weighted to indicate the relative severity and magnitude of the risk. The 
results of the action plan are then reviewed to see if compliance requirements are now met. 
However, as per claims 1, 3-5, and 16, Buddie et al. does not expressly disclose calculating a 
compliance score for multiple control procedures per se based on the associated weights and a 
user selected compliance rating, where identified non- fully compliant control procedures are 
accepted or not accepted, those not accepted requiring a user to generate an action plan. As per 
claims 10-13, Buddie et al. does not teach retrieving subrisk elements or calculating a 
compliance score for each subrisk's control procedure based on the associated weights and a user 
selected compliance rating, where non-fuUy compliant control procedures of subrisks are 
accepted or not accepted, those not accepted requiring a user to generate an action plan. As per 
claims 14-15, Buddie et al. does not teach generating action plans with target dates and 
calculating an expected compliance score for a future date based on the weights, the fiilly 
compliant control procedures, and the target dates for the action plans of the non- fully compUant 
control procedures. 

Packwood discloses identifying and analyzing predetermined risk factors associated with 
the operation of a business, evaluating each risk factor to determine risk level values for each 
risk factor, and generating a risk management report. Management personnel set criteria for risk 
factors determined to be important to business operations. Three levels of risk values are utilized 
and selected for each risk factor-danger, caution, and normal. Each factor is also assigned a 
temporal value and a tolerance value. After the risk factors have been determined and their risk 
level ranges and tolerances have been selected, the system provides measurements of existing 
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risk as compared by weightings of risk factors. A report is generated which includes action plans 
for risk factors that are outside the normal range. However, as per claims 1, 3-5, and 16, 
Packwood does not expressly disclose control procedures per se associated with risk factors, 
wherein the control procedures are weighted using weights retrieved from a database and 
wherein the compliance score is a function of these weights and a rating of the control 
procedures. Packwood more specifically rates and weights risk factors. As per claims 10-13, 
Packwood does not teach retrieving subrisk elements per se with one or more predetermined 
control procedures and associated weights, wherein a compliance score is calculated for each 
subrisk' s control procedure based on the associated weights and a user selected compliance 
rating. As per claims 14-15, Packwood does not teach retrieving one or more predetermined 
control procedures and associated weight(s) or generating action plans with target dates and 
calculating an expected compliance score for a future date based on the weights, the fully 
compliant control procedures, and the target dates for the action plans of the non-fiilly compliant 
control procedures. 

4. Any comments considered necessary by the Applicant must be submitted by no later than 
the payment of the issue fee and, to avoid processing delays, should preferably accompany the 
issue fee. Such submissions should be clearly labeled "Comments on Statements for Reasons for 
Allowance". 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 
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Carman et al. (WO 99/05598) discloses compliance testing software and using rules of 
the business to identify risky values. 

Beale et al. (WO 98/59307) teaches storing and maintaining compliance rules. 

Irving et al. (U.S. 5,991,743) discloses monitoring risk exposure and storing risk data in a 
database. 

Fetherston (U.S. 2002/0120642) discloses organizational compHance management. 

Sturgeon et al. (U.S. 5,726,884) discloses a regulatory compliance system. 

Any inquiry conceming this communication or earlier communications from the 
examiner should be directed to Beth Van Doren whose telephone number is (571) 272-6737. 
The examiner can normally be reached on M-F, 8:30-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Tariq Hafiz can be reached on (571) 272-6729. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 
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